Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header
- From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
- Date: Fri, 13 Jul 2018 20:23:41 +0100
- Organization: Tor Project
Hi,

On 13/07/18 16:24, Tom Ritter wrote:
> Ah, that makes sense. You want /foo.html to serve an Onion-Location
> that goes to /foo.html

Exactly! But I might also want that /foo/bar.html goes to /bar.html on
the onion service while /baz/bar.html goes to /bar.html on another onion
service. Otherwise I don't think we can claim that the Onion-Location
header is similar to the Location header.

> But you're saying you did this manually for each file? I guess I
> hadn't thought about how I would implement this (for Apache)... http
> -> https redirection is done with mod_write, typically something like

My personal website is currently hosted by Netlify. They allow you to
provide a file that is used to send custom headers on a per-URL basis.

https://www.netlify.com/docs/headers-and-basic-auth/

I've attached the script I'm using for this. It's a manual step in that
I have to run the script. I could probably automate it if I learnt a
little more Hugo.

> I don't mess with Apache/mod_rewrite much, but surely there's a way to
> write out the Onion-Location header with the supplied path/querystring
> automatically?

I would imagine there are ways to configure this, but I don't know what
they are.

> I agree that if a Location header is present, the browser should
> follow it immediately. If the subsequent location has an
> Onion-Location header (and no Location header) then the browser should
> prompt.

This sounds reasonable.

> Location is a non-prompt, non-negotiable redirect.
> Onion-Location is a prompted, user-chosen redirect.
>
> The only question in my mind is if the user has opted in to always
> following Onion-Location redirects, then the question is: which header
> do you follow? And I would suggest Onion-Location although I don't
> have a strong argument for that choice besides "It's our feature, we
> should give it precedence."

I think in this case, I would prefer to follow the Onion-Location header
first, as the user has chosen to make the usability trade-off for
security by enabling the automatic redirects.

Would it be worthwhile for me to write some text to this effect as a
patch for the proposal document?

Thanks,
Iain.
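#!/usr/bin/zsh
# Build the site into public/.
hugo
# Turn every public/<path>/index.html into the URL path /<path>/ and write
# one _headers entry per path: the path, then an Onion-Location header that
# points at the same path on the onion service.
find public | \
grep index.html | \
sed 's/^public//' | \
sed 's/index.html$//' | \
awk '{ print $0 "\n Onion-Location: http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion" $0 }' \
> static/_headers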
# Limited compatibility with Healthy Onions add-on
sed -i 's,^ Onion-Location: http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion/$, Onion-Location: http://tvin5bvfwew3ldttg5t6ynlif4t53y3mbmb7sgbyud7h5q6gblrpsnyd.onion,' static/_headers
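The precedence rules discussed in this message, written out as a decision function and run over a redirect chain. This is an added example, not part of the original message or of the proposal; the response table, the placeholder hosts, the alwaysFollowOnion flag and the rule that an onion page ignores its own Onion-Location header are assumptions made for illustration.

```javascript
// Added example, not from the thread: the precedence rules discussed above.
// SITE, the hosts and the alwaysFollowOnion flag are constructed for illustration.
const SITE = {
  "http://example.org/old": { location: "https://example.org/foo/bar.html" },
  "https://example.org/foo/bar.html": { "onion-location": "http://placeholder-a.onion/bar.html" },
  "https://example.org/baz/bar.html": { "onion-location": "http://placeholder-b.onion/bar.html" },
  "https://example.org/both": {
    location: "https://example.org/foo/bar.html",
    "onion-location": "http://placeholder-a.onion/both",
  },
  // The onion copy serves the same header; it must not redirect to itself.
  "http://placeholder-a.onion/bar.html": { "onion-location": "http://placeholder-a.onion/bar.html" },
};

const isOnion = (url) => new URL(url).hostname.endsWith(".onion");

// Decide what to do with one response (header names are lower-cased keys).
function decide(url, headers, alwaysFollowOnion) {
  const location = headers["location"];
  // Assumption: Onion-Location is ignored once the page is already on an onion.
  const onion = isOnion(url) ? undefined : headers["onion-location"];
  // Opted-in users: Onion-Location takes precedence over Location.
  if (onion && alwaysFollowOnion) return { action: "follow", target: onion };
  // Location is a non-prompt, non-negotiable redirect.
  if (location) return { action: "follow", target: location };
  // Onion-Location without Location: prompted, user-chosen redirect.
  if (onion) return { action: "prompt", target: onion };
  return { action: "render", target: null };
}

// Walk a redirect chain and return every step taken.
function navigate(site, startUrl, alwaysFollowOnion, maxHops = 5) {
  const trail = [];
  let url = startUrl;
  for (let hop = 0; hop <= maxHops; hop++) {
    const step = decide(url, site[url] || {}, alwaysFollowOnion);
    trail.push({ url, ...step });
    if (step.action !== "follow") return trail;
    url = step.target;
  }
  throw new Error("too many redirects");
}

console.log(navigate(SITE, "http://example.org/old", false));
console.log(navigate(SITE, "https://example.org/both", true));
```

The two /bar.html entries mirror the case raised above, where /foo/bar.html and /baz/bar.html map to /bar.html on different onion services.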